@lando/php 0.5.0

package/services/php/builder.js

@@ -0,0 +1,214 @@
+'use strict';
+
+// Modules
+const _ = require('lodash');
+const path = require('path');
+const semver = require('semver');
+const utils = require('./../../lib/utils');
+
+/*
+ * Helper to get nginx config
+ */
+const nginxConfig = options => ({
+  app: options.app,
+  config: _.merge({}, {
+    vhosts: `${options.confDest}/${options.defaultFiles.vhosts}`,
+  }, options.config),
+  confDest: path.resolve(options.confDest, '..', 'nginx'),
+  info: {managed: true},
+  home: options.home,
+  name: `${options.name}_nginx`,
+  overrides: utils.cloneOverrides(options.overrides),
+  project: options.project,
+  root: options.root,
+  ssl: options.nginxSsl,
+  type: 'nginx',
+  userConfRoot: options.userConfRoot,
+  webroot: options.webroot,
+  version: options.via.split(':')[1],
+});
+
+const xdebugConfig = host => ([
+  `client_host=${host}`,
+  'discover_client_host=1',
+ 'log=/tmp/xdebug.log',
+ 'remote_enable=true',
+  `remote_host=${host}`,
+].join(' '));
+
+/*
+ * Helper to build a package string
+ */
+const pkger = (pkg, version) => (!_.isEmpty(version)) ? `${pkg}:${version}` : pkg;
+
+/*
+ * Helper to parse apache config
+ */
+const parseApache = options => {
+  if (options.ssl) options.defaultFiles.vhosts = 'default-ssl.conf';
+  options.volumes.push(`${options.confDest}/${options.defaultFiles.vhosts}:${options.remoteFiles.vhosts}`);
+  if (options.version === '5.3') options.environment.APACHE_LOG_DIR = '/var/log';
+  return options;
+};
+
+/*
+ * Helper to parse cli config
+ */
+const parseCli = options => {
+  options.command = [_.get(options, 'command', 'tail -f /dev/null')];
+  return options;
+};
+
+/*
+ * Helper to parse nginx config
+ */
+const parseNginx = options => {
+  options.command = (process.platform !== 'win32') ? ['php-fpm'] : ['php-fpm -R'];
+  options.image = 'fpm';
+  options.remoteFiles.vhosts = '/opt/bitnami/nginx/conf/lando.conf';
+  options.defaultFiles.vhosts = (options.ssl) ? 'default-ssl.conf.tpl' : 'default.conf.tpl';
+  options.nginxSsl = options.ssl;
+  options.ssl = false;
+  if (process.platform === 'win32') {
+    options.volumes.push(`${options.confDest}/zz-lando.conf:/usr/local/etc/php-fpm.d/zz-lando.conf`);
+  }
+  options.remoteFiles.pool = '/usr/local/etc/php-fpm.d/zz-lando.conf';
+  return options;
+};
+
+/*
+ * Helper to parse php config
+ */
+const parseConfig = options => {
+  switch (options.via.split(':')[0]) {
+    case 'apache': return parseApache(options);
+    case 'cli': return parseCli(options);
+    case 'nginx': return parseNginx(options);
+  }
+};
+
+// Builder
+module.exports = {
+  name: 'php',
+  config: {
+    version: '7.4',
+    supported: ['8.1', '8.0', '7.4', '7.3', '7.2', '7.1', '7.0', '5.6', '5.5', '5.4', '5.3'],
+    legacy: ['7.2', '7.1', '7.0', '5.6', '5.5', '5.4', '5.3'],
+    gen2: ['5.5', '5.4', '5.3'],
+    gen3: ['7.2', '7.1', '7.0', '5.6'],
+    path: [
+      '/app/vendor/bin',
+      '/app/bin',
+      '/usr/local/sbin',
+      '/usr/local/bin',
+      '/usr/sbin',
+      '/usr/bin',
+      '/sbin',
+      '/bin',
+      '/var/www/.composer/vendor/bin',
+      '/helpers',
+    ],
+    confSrc: __dirname,
+    command: ['sh -c \'a2enmod rewrite && apache2-foreground\''],
+    composer_version: '2.0.7',
+    image: 'apache',
+    defaultFiles: {
+      _php: 'php.ini',
+      vhosts: 'default.conf',
+      // server: @TODO? DO THE PEOPLE DEMAND IT?
+    },
+    environment: {
+      COMPOSER_ALLOW_SUPERUSER: 1,
+      COMPOSER_MEMORY_LIMIT: '-1',
+      PHP_MEMORY_LIMIT: '1G',
+    },
+    remoteFiles: {
+      _php: '/usr/local/etc/php/conf.d/xxx-lando-default.ini',
+      vhosts: '/etc/apache2/sites-enabled/000-default.conf',
+      php: '/usr/local/etc/php/conf.d/zzz-lando-my-custom.ini',
+    },
+    sources: [],
+    suffix: '4',
+    ssl: false,
+    via: 'apache',
+    volumes: ['/usr/local/bin'],
+    webroot: '.',
+  },
+  parent: '_appserver',
+  builder: (parent, config) => class LandoPhp extends parent {
+    constructor(id, options = {}, factory) {
+      options = parseConfig(_.merge({}, config, options));
+      // Mount our default php config
+      options.volumes.push(`${options.confDest}/${options.defaultFiles._php}:${options.remoteFiles._php}`);
+
+      // Shift on the docker entrypoint if this is a more recent version
+      if (options.version !== 'custom' && semver.gt(semver.coerce(options.version), '5.5.0')) {
+        options.command.unshift('docker-php-entrypoint');
+      }
+
+      // If xdebug is set to "true" then map it to "debug"
+      if (options.xdebug === true) options.xdebug = 'debug';
+
+      // If this is a legacy php version then switch the suffix
+      if (_.includes(options.gen3, options.version)) options.suffix = '3';
+      if (_.includes(options.gen2, options.version)) options.suffix = '2';
+
+      // Build the php
+      const php = {
+        image: `devwithlando/php:${options.version}-${options.image}-${options.suffix}`,
+        environment: _.merge({}, options.environment, {
+          PATH: options.path.join(':'),
+          LANDO_WEBROOT: `/app/${options.webroot}`,
+          XDEBUG_CONFIG: xdebugConfig(options._app.env.LANDO_HOST_IP),
+          XDEBUG_MODE: (options.xdebug === false) ? 'off' : options.xdebug,
+        }),
+        networks: (_.startsWith(options.via, 'nginx')) ? {default: {aliases: ['fpm']}} : {default: {}},
+        ports: (_.startsWith(options.via, 'apache') && options.version !== 'custom') ? ['80'] : [],
+        volumes: options.volumes,
+        command: options.command.join(' '),
+      };
+      options.info = {via: options.via};
+
+      // Add our composer things to run step
+      if (!_.isEmpty(options.composer)) {
+        const commands = utils.getInstallCommands(options.composer, pkger, ['composer', 'global', 'require']);
+        utils.addBuildStep(commands, options._app, options.name, 'build_internal');
+      }
+
+      // Add activate steps for xdebug
+      if (options.xdebug) {
+        utils.addBuildStep(['docker-php-ext-enable xdebug'], options._app, options.name, 'build_as_root_internal');
+      }
+
+      // Install the desired composer version
+      if (options.composer_version) {
+        const commands = [`/helpers/install-composer.sh ${options.composer_version}`];
+        utils.addBuildStep(commands, options._app, options.name, 'build_internal', true);
+      }
+
+      // Add in nginx if we need to
+      if (_.startsWith(options.via, 'nginx')) {
+        // Set another lando service we can pass down the stream
+        const nginxOpts = nginxConfig(options);
+        // Merge in any user specifified
+        const LandoNginx = factory.get('nginx');
+        const data = new LandoNginx(nginxOpts.name, nginxOpts);
+        // If the user has overriden this service lets make sure we include that as well
+        const userOverrides = _.get(options, `_app.config.services.${nginxOpts.name}.overrides`, {});
+        data.data.push({
+          services: _.set({}, nginxOpts.name, userOverrides),
+          version: _.get(data, 'data[0].version'),
+        });
+        // This is a trick to basically replicate what happens upstream
+        options._app.add(data);
+        options._app.info.push(data.info);
+        // Indicate the relationship on the primary service
+        options.info.served_by = nginxOpts.name;
+      }
+
+      // Add in the php service and push downstream
+      options.sources.push({services: _.set({}, options.name, php)});
+      super(id, options, ..._.flatten(options.sources));
+    };
+  },
+};

package/services/php/default-ssl.conf

@@ -0,0 +1,188 @@
+<VirtualHost *:80>
+  # WHAT IN THE WORLD HAPPENED TO YOU
+  # The ServerName directive sets the request scheme, hostname and port that
+  # the server uses to identify itself. This is used when creating
+  # redirection URLs. In the context of virtual hosts, the ServerName
+  # specifies what hostname must appear in the request's Host: header to
+  # match this virtual host. For the default virtual host (this file) this
+  # value is not decisive as it is used as a last resort host regardless.
+  # However, you must set it for any further virtual host explicitly.
+  ServerName appserver
+
+  ServerAdmin webmaster@localhost
+  DocumentRoot ${LANDO_WEBROOT}
+  <Directory />
+    Options Indexes FollowSymLinks MultiViews
+    AllowOverride All
+    Order allow,deny
+    Allow from all
+    Require all granted
+  </Directory>
+
+  # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+  # error, crit, alert, emerg.
+  # It is also possible to configure the loglevel for particular
+  # modules, e.g.
+  #LogLevel info ssl:warn
+
+  ErrorLog ${APACHE_LOG_DIR}/error.log
+  CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+  # For most configuration files from conf-available/, which are
+  # enabled or disabled at a global level, it is possible to
+  # include a line for only one particular virtual host. For example the
+  # following line enables the CGI configuration for this host only
+  # after it has been globally disabled with "a2disconf".
+  #Include conf-available/serve-cgi-bin.conf
+
+  # Pass some common ENVs, its ok if this fails
+  SetEnv BACKDROP_SETTINGS ${BACKDROP_SETTINGS}
+  SetEnvIf x-forwarded-proto https HTTPS=on
+
+</VirtualHost>
+
+<IfModule mod_ssl.c>
+  <VirtualHost *:443>
+    ServerAdmin webmaster@localhost
+    ServerName appserver
+
+    DocumentRoot ${LANDO_WEBROOT}
+    <Directory />
+      Options Indexes FollowSymLinks MultiViews
+      AllowOverride All
+      Order allow,deny
+      Allow from all
+      Require all granted
+    </Directory>
+    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+    # error, crit, alert, emerg.
+    # It is also possible to configure the loglevel for particular
+    # modules, e.g.
+    #LogLevel info ssl:warn
+
+    ErrorLog ${APACHE_LOG_DIR}/error.log
+    CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+    # For most configuration files from conf-available/, which are
+    # enabled or disabled at a global level, it is possible to
+    # include a line for only one particular virtual host. For example the
+    # following line enables the CGI configuration for this host only
+    # after it has been globally disabled with "a2disconf".
+    #Include conf-available/serve-cgi-bin.conf
+
+    #   SSL Engine Switch:
+    #   Enable/Disable SSL for this virtual host.
+    SSLEngine on
+
+    #   A self-signed (snakeoil) certificate can be created by installing
+    #   the ssl-cert package. See
+    #   /usr/share/doc/apache2/README.Debian.gz for more info.
+    #   If both key and certificate are stored in the same file, only the
+    #   SSLCertificateFile directive is needed.
+    SSLCertificateFile "/certs/cert.crt"
+    SSLCertificateKeyFile "/certs/cert.key"
+
+    #   Server Certificate Chain:
+    #   Point SSLCertificateChainFile at a file containing the
+    #   concatenation of PEM encoded CA certificates which form the
+    #   certificate chain for the server certificate. Alternatively
+    #   the referenced file can be the same as SSLCertificateFile
+    #   when the CA certificates are directly appended to the server
+    #   certificate for convenience.
+    #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
+
+    #   Certificate Authority (CA):
+    #   Set the CA certificate verification path where to find CA
+    #   certificates for client authentication or alternatively one
+    #   huge file containing all of them (file must be PEM encoded)
+    #   Note: Inside SSLCACertificatePath you need hash symlinks
+    #    to point to the certificate files. Use the provided
+    #    Makefile to update the hash symlinks after changes.
+    #SSLCACertificatePath /etc/ssl/certs/
+    #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
+
+    #   Certificate Revocation Lists (CRL):
+    #   Set the CA revocation path where to find CA CRLs for client
+    #   authentication or alternatively one huge file containing all
+    #   of them (file must be PEM encoded)
+    #   Note: Inside SSLCARevocationPath you need hash symlinks
+    #    to point to the certificate files. Use the provided
+    #    Makefile to update the hash symlinks after changes.
+    #SSLCARevocationPath /etc/apache2/ssl.crl/
+    #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
+
+    #   Client Authentication (Type):
+    #   Client certificate verification type and depth.  Types are
+    #   none, optional, require and optional_no_ca.  Depth is a
+    #   number which specifies how deeply to verify the certificate
+    #   issuer chain before deciding the certificate is not valid.
+    #SSLVerifyClient require
+    #SSLVerifyDepth  10
+
+    #   SSL Engine Options:
+    #   Set various options for the SSL engine.
+    #   o FakeBasicAuth:
+    #  Translate the client X.509 into a Basic Authorisation.  This means that
+    #  the standard Auth/DBMAuth methods can be used for access control.  The
+    #  user name is the `one line' version of the client's X.509 certificate.
+    #  Note that no password is obtained from the user. Every entry in the user
+    #  file needs this password: `xxj31ZMTZzkVA'.
+    #   o ExportCertData:
+    #  This exports two additional environment variables: SSL_CLIENT_CERT and
+    #  SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+    #  server (always existing) and the client (only existing when client
+    #  authentication is used). This can be used to import the certificates
+    #  into CGI scripts.
+    #   o StdEnvVars:
+    #  This exports the standard SSL/TLS related `SSL_*' environment variables.
+    #  Per default this exportation is switched off for performance reasons,
+    #  because the extraction step is an expensive operation and is usually
+    #  useless for serving static content. So one usually enables the
+    #  exportation for CGI and SSI requests only.
+    #   o OptRenegotiate:
+    #  This enables optimized SSL connection renegotiation handling when SSL
+    #  directives are used in per-directory context.
+    #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+    <FilesMatch "\.(cgi|shtml|phtml|php)$">
+        SSLOptions +StdEnvVars
+    </FilesMatch>
+    <Directory /usr/lib/cgi-bin>
+        SSLOptions +StdEnvVars
+    </Directory>
+
+    #   SSL Protocol Adjustments:
+    #   The safe and default but still SSL/TLS standard compliant shutdown
+    #   approach is that mod_ssl sends the close notify alert but doesn't wait for
+    #   the close notify alert from client. When you need a different shutdown
+    #   approach you can use one of the following variables:
+    #   o ssl-unclean-shutdown:
+    #  This forces an unclean shutdown when the connection is closed, i.e. no
+    #  SSL close notify alert is send or allowed to received.  This violates
+    #  the SSL/TLS standard but is needed for some brain-dead browsers. Use
+    #  this when you receive I/O errors because of the standard approach where
+    #  mod_ssl sends the close notify alert.
+    #   o ssl-accurate-shutdown:
+    #  This forces an accurate shutdown when the connection is closed, i.e. a
+    #  SSL close notify alert is send and mod_ssl waits for the close notify
+    #  alert of the client. This is 100% SSL/TLS standard compliant, but in
+    #  practice often causes hanging connections with brain-dead browsers. Use
+    #  this only for browsers where you know that their SSL implementation
+    #  works correctly.
+    #   Notice: Most problems of broken clients are also related to the HTTP
+    #   keep-alive facility, so you usually additionally want to disable
+    #   keep-alive for those clients, too. Use variable "nokeepalive" for this.
+    #   Similarly, one has to force some clients to use HTTP/1.0 to workaround
+    #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+    #   "force-response-1.0" for this.
+    BrowserMatch "MSIE [2-6]" \
+        nokeepalive ssl-unclean-shutdown \
+        downgrade-1.0 force-response-1.0
+    # MSIE 7 and newer should be able to use keepalive
+    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+
+    # Pass some common ENVs, its ok if this fails
+    SetEnv BACKDROP_SETTINGS ${BACKDROP_SETTINGS}
+    SetEnvIf x-forwarded-proto https HTTPS=on
+
+  </VirtualHost>
+</IfModule>

package/services/php/default-ssl.conf.tpl

@@ -0,0 +1,30 @@
+server {
+    listen       443 ssl;
+    listen       80;
+    listen   [::]:80 default ipv6only=on;
+    server_name  localhost;
+
+    ssl_certificate      /certs/cert.crt;
+    ssl_certificate_key  /certs/cert.key;
+
+    ssl_session_cache    shared:SSL:1m;
+    ssl_session_timeout  5m;
+
+    ssl_ciphers  HIGH:!aNULL:!MD5;
+    ssl_prefer_server_ciphers  on;
+
+    root "{{LANDO_WEBROOT}}";
+    index index.php index.html index.htm;
+
+    location ~ \.php$ {
+        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+        fastcgi_pass fpm:9000;
+        fastcgi_index  index.php;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_buffers 256 128k;
+        fastcgi_connect_timeout 300s;
+        fastcgi_send_timeout 300s;
+        fastcgi_read_timeout 300s;
+        include fastcgi_params;
+    }
+}

package/services/php/default.conf

@@ -0,0 +1,41 @@
+<VirtualHost *:80>
+  # WHAT IN THE WORLD HAPPENED TO YOU
+  # The ServerName directive sets the request scheme, hostname and port that
+  # the server uses to identify itself. This is used when creating
+  # redirection URLs. In the context of virtual hosts, the ServerName
+  # specifies what hostname must appear in the request's Host: header to
+  # match this virtual host. For the default virtual host (this file) this
+  # value is not decisive as it is used as a last resort host regardless.
+  # However, you must set it for any further virtual host explicitly.
+  ServerName appserver
+
+  ServerAdmin webmaster@localhost
+  DocumentRoot ${LANDO_WEBROOT}
+  <Directory />
+    Options Indexes FollowSymLinks MultiViews
+    AllowOverride All
+    Order allow,deny
+    Allow from all
+    Require all granted
+  </Directory>
+
+  # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+  # error, crit, alert, emerg.
+  # It is also possible to configure the loglevel for particular
+  # modules, e.g.
+  #LogLevel info ssl:warn
+
+  ErrorLog ${APACHE_LOG_DIR}/error.log
+  CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+  # For most configuration files from conf-available/, which are
+  # enabled or disabled at a global level, it is possible to
+  # include a line for only one particular virtual host. For example the
+  # following line enables the CGI configuration for this host only
+  # after it has been globally disabled with "a2disconf".
+  #Include conf-available/serve-cgi-bin.conf
+
+  # Pass some common ENVs, its ok if this fails
+  SetEnv BACKDROP_SETTINGS ${BACKDROP_SETTINGS}
+
+</VirtualHost>

package/services/php/default.conf.tpl

@@ -0,0 +1,20 @@
+server {
+    listen   80;
+    listen   [::]:80 default ipv6only=on;
+    server_name  localhost;
+
+    root   "{{LANDO_WEBROOT}}";
+    index index.php index.html index.htm;
+
+    location ~ \.php$ {
+        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+        fastcgi_pass fpm:9000;
+        fastcgi_index  index.php;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_buffers 256 128k;
+        fastcgi_connect_timeout 300s;
+        fastcgi_send_timeout 300s;
+        fastcgi_read_timeout 300s;
+        include fastcgi_params;
+    }
+}

package/services/php/php.ini

@@ -0,0 +1,46 @@
+[PHP]
+
+;;;;;;;;;;;;;;;
+; PHP Globals ;
+;;;;;;;;;;;;;;;
+
+short_open_tag = Off
+output_buffering = 4096
+allow_call_time_pass_reference = Off
+request_order = "GP"
+register_long_arrays = Off
+register_argc_argv = Off
+magic_quotes_gpc = Off
+enable_dl = Off
+allow_url_fopen = On
+realpath_cache_size = "800K"
+realpath_cache_ttl = "86400"
+disable_functions =
+sendmail_path=/bin/true
+
+[Date]
+date.timezone = "UTC"
+
+;;;;;;;;;;;;;;;;;;;;;;
+;; PACKAGE SETTINGS ;;
+;;;;;;;;;;;;;;;;;;;;;;
+
+; Xdebug
+xdebug.max_nesting_level = 512
+xdebug.remote_autostart = 1
+xdebug.start_with_request = trigger
+xdebug.mode = ${XDEBUG_MODE}
+
+; Globals
+expose_php = on
+max_execution_time = 90
+max_input_time = 900
+max_input_vars = 10000
+memory_limit = ${PHP_MEMORY_LIMIT}
+upload_max_filesize = 100M
+post_max_size = 100M
+error_reporting = E_ALL & ~E_DEPRECATED
+ignore_repeated_errors = on
+html_errors = off
+display_errors = on
+log_errors = on

package/services/php/zz-lando.conf

@@ -0,0 +1,3 @@
+[www]
+user = root
+group = root